[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RADIUS-Mobile IP support??: RADEXT WG Charter

To: Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com>, "Charles E. Perkins" <charliep@iprg.nokia.com>
Subject: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
From: "Kuntal Chowdhury" <chowdury@nortelnetworks.com>
Date: Thu, 20 May 2004 10:36:25 -0400
Cc: radiusext@ops.ietf.org, Pete McCann <mccap@lucent.com>, tom.hiller@lucent.com

I think you got it wrong. The MN-HA shared secrets are not dynamically
generated in the HAAA. At least I don't know of such a text in 3GPP2
standard.

I think what we are discussing is purely key distribution issues. So, why
don't we start the discussion about the need for a key distribution
mechanism with RADIUS and see whether RADEXT can accommodate that?

-Kuntal

>-----Original Message-----
>From: Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri@motorola.com] 
>Sent: Thursday, May 20, 2004 9:30 AM
>To: Chowdhury, Kuntal [RICH1:2H18:EXCH]; Charles E. Perkins; 
>Nakhjiri Madjid-MNAKHJI1
>Cc: radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
>Subject: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
>
>
>Kuntal, 
>
>As far as I understood, the secrets are hashed with MN-AAA keys. 
>Any key distribution method that happens on-line has to be 
>done this way. Also the secrets are only needed for the 
>duration of Mobile's visit to the foreign network. How is that 
>more long lived than a key established during IKE?
>
>Madjid
>
>-----Original Message-----
>From: Kuntal Chowdhury [mailto:chowdury@nortelnetworks.com]
>Sent: Wednesday, May 19, 2004 5:18 PM
>To: Charles E. Perkins; Nakhjiri Madjid-MNAKHJI1
>Cc: radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
>Subject: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
>
>
>Charlie,
>
>sending a users (static or long lived) shared-secret over the 
>wire opens up for attacks. If the MN-HA shared secret is 
>compromised, MIP4 will run into serious security issue. That's 
>why it is a bad idea.
>
>-Kuntal
>
>>-----Original Message-----
>>From: Charles E. Perkins [mailto:charliep@iprg.nokia.com]
>>Sent: Wednesday, May 19, 2004 5:11 PM
>>To: Nakhjiri Madjid-MNAKHJI1
>>Cc: Chowdhury, Kuntal [RICH1:2H18:EXCH]; 
>>radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
>>Subject: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
>>
>>
>>
>>Hello folks,
>>
>>Since I'm receiving these e-mails, perhaps someone could enlighten me:
>>
>>>2. The distribution of MN-HA shared-secret to the HA (from
>>HAAAs) is a
>>>bad practice. We are not doing that for MIP6 and we may fix that in a
>>>bug fix release for MIP4.
>>>  
>>>
>>Why is this a bad idea?
>>
>>I thought it was pretty good, actually...
>>
>>
>>Regards,
>>Charlie P.
>>
>
>--
>to unsubscribe send a message to 
>radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
>a single line as the message text body.
>archive: <http://psg.com/lists/radiusext/>
>

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP support??: RAD EXT WG Charter
Next by Date: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
Previous by thread: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
Next by thread: RE: RADIUS-Mobile IP support??: RADEXT WG Charter
Index(es):
- Date
- Thread